    Outbound Nat with multiple WANS

    • geewhz01

      I have 3 Internet connections and I have multiple internal LANs.  The outbound NAT works as expected as long as each VLAN/internal LAN has its own outbound NAT, but if I try to take one host from the same VLAN and assign a different IP for outbound NAT, it still appears as if it's coming from the same source rather than the specific source for that entry.

      For example, in the outbound NAT, the 4th entry should be getting a .238 address, but it's in the same network as the 6th rule.  On the firewall rules you will see that I have assigned the interface of ATT for the same server in the NAT rules.  When I do this it still goes out the primary WAN interface and obviously can't assign the proper NAT address.  I know I'm just doing something wrong with this one; any help is greatly appreciated.  I'm running RC1 of 1.2.3.




      • kpa

        The order of the firewall rules is significant; you have to place rules with a specific gateway above rules that use the default gateway so they have precedence.

        • geewhz01

          @kpa:

          The order of the firewall rules is significant; you have to place rules with a specific gateway above rules that use the default gateway so they have precedence.

          I understand that and I believe that is the case in the example.  I understand the specific gateway needs to be first and in this case the 4th rule in the NAT is.  I just didn't believe the other specific addresses would matter that they have no gateway.  Either way I have moved that rule to the top and just believe the deny rule; it does not make any difference.  The way it's acting, anything that is in my default LAN appears to always go out the WAN interface with the interface address.

          • kpa

            What I mean is the order of the firewall rules, not the outbound NAT rules. Policy routing is done with firewall rules in pfSense. The outbound NAT rules are used after the routing decision has been made, not before.

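A simplified model of the two-stage evaluation described in the answer above, added here as an example (it is not code from pfSense or from either poster). The addresses, rule tuples and function names are constructed for illustration; only the interface names ATT and WAN and the .238 suffix come from the thread.

```python
import ipaddress

# Constructed sample configuration (assumed values, not the poster's real ones).
HOST = "192.168.10.50"   # the one server that should leave via ATT
LAN = "192.168.10.0/24"  # the LAN it shares with every other host
DEFAULT_IF = "WAN"       # interface behind the default gateway

# Outbound NAT rules: (egress interface, source network, translated address).
NAT_RULES = [
    ("ATT", HOST + "/32", "203.0.113.238"),
    ("WAN", LAN, "198.51.100.2"),
]

# LAN firewall rules: (source network, gateway); None means default gateway.
FW_DEFAULT_FIRST = [(LAN, None), (HOST + "/32", "ATT")]   # misordered
FW_SPECIFIC_FIRST = [(HOST + "/32", "ATT"), (LAN, None)]  # gateway rule on top


def _in(src, net):
    return ipaddress.ip_address(src) in ipaddress.ip_network(net)


def route(src, fw_rules):
    """Stage 1: the first matching firewall rule picks the egress interface."""
    for net, gateway in fw_rules:
        if _in(src, net):
            return gateway or DEFAULT_IF
    return None  # no pass rule matched: traffic is dropped


def translate(src, fw_rules, nat_rules=NAT_RULES):
    """Stage 2: only NAT rules bound to the chosen interface can match."""
    egress = route(src, fw_rules)
    if egress is None:
        return None
    for iface, net, nat_addr in nat_rules:
        if iface == egress and _in(src, net):
            return egress, nat_addr
    return egress, src  # no NAT rule on that interface: source unchanged


if __name__ == "__main__":
    for name, rules in (("default rule first", FW_DEFAULT_FIRST),
                        ("gateway rule first", FW_SPECIFIC_FIRST)):
        print(f"{name}: {HOST} -> {translate(HOST, rules)}")
```

With the default-gateway rule on top, the ATT NAT entry is never consulted, no matter where it sits in the outbound NAT list.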
            • geewhz01

              @kpa:

              What I mean is the order of the firewall rules, not the outbound NAT rules. Policy routing is done with firewall rules in pfSense. The outbound NAT rules are used after the routing decision has been made, not before.

              Gotcha, I see where I was making a mistake as well.

              Thanks!!!

              Andy
